{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25008", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2024-02-02T21:33:13.076Z", "datePublished": "2024-08-16T09:42:21.010Z", "dateUpdated": "2024-08-16T13:50:48.465Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ericsson RAN Compute Basebands (all BB variants)", "vendor": "Ericsson", "versions": [{"lessThan": "24.Q2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Site Controller 6610", "vendor": "Ericsson", "versions": [{"lessThan": "24.Q2", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability."}], "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2024-08-16T09:42:21.010Z"}, "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Ericsson RAN Compute Basebands: Upgrade to </span><span style=\"background-color: var(--wht);\">24.Q1 IP1, </span><span style=\"background-color: var(--wht);\">23.Q4 C1, </span><span style=\"background-color: var(--wht);\">23.Q3 C3, </span><span style=\"background-color: var(--wht);\">23.Q2 C5, </span><span style=\"background-color: var(--wht);\">23.Q1 C5 LTE only, </span><span style=\"background-color: rgb(255, 255, 255);\">22.Q4 C6 LTE only</span><br>"}], "value": "Ericsson RAN Compute Basebands: Upgrade to 24.Q1 IP1, 23.Q4 C1, 23.Q3 C3, 23.Q2 C5, 23.Q1 C5 LTE only, 22.Q4 C6 LTE only"}, {"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Site Controller 6610: Upgrade to 24.Q2</span>\n\n<br>"}], "value": "Site Controller 6610: Upgrade to 24.Q2"}], "source": {"discovery": "EXTERNAL"}, "title": "Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ericsson", "product": "controller_6610", "cpes": ["cpe:2.3:h:ericsson:controller_6610:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "24.q2", "versionType": "custom"}]}, {"vendor": "ericsson", "product": "ran_compute", "cpes": ["cpe:2.3:h:ericsson:ran_compute:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "24.q2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T13:14:44.851352Z", "id": "CVE-2024-25008", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T13:50:48.465Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-16T13:14:44.851352Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:ericsson:controller_6610:*:*:*:*:*:*:*:*"], "vendor": "ericsson", "product": "controller_6610", "versions": [{"status": "affected", "version": "0", "lessThan": "24.q2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:h:ericsson:ran_compute:*:*:*:*:*:*:*:*"], "vendor": "ericsson", "product": "ran_compute", "versions": [{"status": "affected", "version": "0", "lessThan": "24.q2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T13:50:33.653Z"}}], "cna": {"title": "Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ericsson", "product": "Ericsson RAN Compute Basebands (all BB variants)", "versions": [{"status": "affected", "version": "0", "lessThan": "24.Q2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Ericsson", "product": "Site Controller 6610", "versions": [{"status": "affected", "version": "0", "lessThan": "24.Q2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Ericsson RAN Compute Basebands: Upgrade to 24.Q1 IP1, 23.Q4 C1, 23.Q3 C3, 23.Q2 C5, 23.Q1 C5 LTE only, 22.Q4 C6 LTE only", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Ericsson RAN Compute Basebands: Upgrade to </span><span style=\"background-color: var(--wht);\">24.Q1 IP1, </span><span style=\"background-color: var(--wht);\">23.Q4 C1, </span><span style=\"background-color: var(--wht);\">23.Q3 C3, </span><span style=\"background-color: var(--wht);\">23.Q2 C5, </span><span style=\"background-color: var(--wht);\">23.Q1 C5 LTE only, </span><span style=\"background-color: rgb(255, 255, 255);\">22.Q4 C6 LTE only</span><br>", "base64": false}]}, {"lang": "en", "value": "Site Controller 6610: Upgrade to 24.Q2", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Site Controller 6610: Upgrade to 24.Q2</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2024-08-16T09:42:21.010Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25008", "state": "PUBLISHED", "dateUpdated": "2024-08-16T13:50:48.465Z", "dateReserved": "2024-02-02T21:33:13.076Z", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "datePublished": "2024-08-16T09:42:21.010Z", "assignerShortName": "ERIC"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability."}, {"lang": "es", "value": " Ericsson RAN Compute and Site Controller 6610 contiene una vulnerabilidad en el sistema de control donde la validaci\u00f3n de entrada incorrecta puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario, por ejemplo, para obtener un shell de Linux con los mismos privilegios que el atacante. El atacante necesitar\u00eda privilegios elevados, por ejemplo, un usuario de OAM v\u00e1lido que tenga el rol de administrador del sistema para explotar la vulnerabilidad."}], "id": "CVE-2024-25008", "lastModified": "2024-08-19T13:00:23.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}, "published": "2024-08-16T10:15:04.823", "references": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024"}], "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}

{}